View policy access Deleting IAM policies (console)Deleting IAM policies (Amazon CLI)Deleting IAM policies (Amazon API)

Deleting IAM policies

You can delete IAM policies using the Amazon Web Services Management Console, the Amazon Command Line Interface (Amazon CLI), or the IAM API.

Note

Deletion of IAM policies is permanent. After the policy is deleted it cannot be recovered.

For more information about the difference between managed and inline policies, see Managed policies and inline policies.

For general information about IAM policies, see Policies and permissions in IAM.

The number and size of IAM resources in an Amazon account are limited. For more information, see IAM and Amazon STS quotas.

View policy access

Before you delete a policy, you should review its recent service-level activity. This is important because you don't want to remove access from a principal (person or application) who is using it. For more information about viewing last accessed information, see Refining permissions in Amazon using last accessed information.

Deleting IAM policies (console)

You can delete a customer managed policy to remove it from your Amazon Web Services account. You cannot delete Amazon managed policies.

To delete a customer managed policy (console)

Sign in to the Amazon Web Services Management Console and open the IAM console at https://console.amazonaws.cn/iam/.
In the navigation pane, choose Policies.
Select the radio button next to the customer managed policy to delete. You can use the search box to filter the list of policies.
Choose Actions, and then choose Delete.
Follow the instructions to confirm that you want to delete the policy, and then choose Delete.

To delete an inline policy for a user group, user, or role (console)

In the navigation pane, choose User groups, Users, or Roles.
Choose the name of the user group, user, or role with the policy that you want to delete. Then choose the Permissions tab.
Select the check boxes next to the policies to delete and choose Remove. To delete an inline policy in Users or Roles, choose Remove to confirm the deletion. If you are deleting a single inline policy in User groups, type the name of the policy and choose Delete. If you are deleting multiple inline policies in User groups, type the number of policies you are deleting followed by inline policies and choose Delete. For example, if you are deleting three inline policies, type 3 inline policies.

Deleting IAM policies (Amazon CLI)

You can delete a customer managed policy from the Amazon Command Line Interface.

To delete a customer managed policy (Amazon CLI)

(Optional) To view information about a policy, run the following commands:
- To list managed policies: list-policies
- To retrieve detailed information about a managed policy: get-policy
(Optional) To find out about the relationships between the policies and identities, run the following commands:
- To list the identities (users, user groups, and roles) to which a managed policy is attached, run the following command:
  - list-entities-for-policy
- To list the managed policies attached to an identity (a user, user group, or role), run one of the following commands:
To delete a customer managed policy, run the following command:
- delete-policy

To delete an inline policy (Amazon CLI)

(Optional) To list all inline policies that are attached to an identity (user, user group, role), use one of the following commands:
(Optional) To retrieve an inline policy document that is embedded in an identity (user, user group, or role), use one of the following commands:
To delete an inline policy from an identity (user, user group, or role that is not a service-linked role), use one of the following commands:

Deleting IAM policies (Amazon API)

You can delete a customer managed policy using the Amazon API.

To delete a customer managed policy (Amazon API)

(Optional) To view information about a policy, call the following operations:
- To list managed policies: ListPolicies
- To retrieve detailed information about a managed policy: GetPolicy
(Optional) To find out about the relationships between the policies and identities, call the following operations:
- To list the identities (users, user groups, and roles) to which a managed policy is attached, call the following operation:
  - ListEntitiesForPolicy
- To list the managed policies attached to an identity (a user, user group, or role), call one of the following operations:
To delete a customer managed policy, call the following operation:
- DeletePolicy

To delete an inline policy (Amazon API)

(Optional) To list all inline policies that are attached to an identity (user, user group, role), call one of the following operations:
(Optional) To retrieve an inline policy document that is embedded in an identity (user, user group, or role), call one of the following operations:
To delete an inline policy from an identity (user, user group, or role that is not a service-linked role), call one of the following operations:

Javascript is disabled or is unavailable in your browser.

To use the Amazon Web Services Documentation, Javascript must be enabled. Please refer to your browser's Help pages for instructions.

Editing IAM policies

Refining permissions using access information